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(57) There are provided an apparatus and method 
that generate a MAC list that serves as an access con- 
trol list efficiently without burdening a user A MAC list 
registration processing request packet is automatically 
transmitted by using as a trigger either a power-on proc- 
ess of the power source of a client apparatus connected 
to a network or an activation process of a specific appli- 



cation, e.g., an execution application for services using 
a home network. A server performs a registration proc- 
ess by acquiring information such as a MAC address 
from the received packet in accordance with a state of 
empty slots in the MAC list. According to this configura- 
tion, it is possible to easily and correctly generate the 
MAC list, which serves as the access control list, without 
burdening a user. 
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Description 

Technical Field 

[0001 ] The present invention relates to an information 
processing apparatus, a server client system and meth- 
od, and a computer program. More particularly, the 
present invention relates to an information processing 
apparatus, a server client system and method, and a 
computer program, wherein in the configuration which 
executes communications among network-connected 
apparatuses, access privilege judgment information is 
generated efTiciently without burdening users to allow 
an access limitation process to be executed in accord- 
ance with the generated judgment information. 

Background Art 

[0002] Following the advent of recent widespread da- 
ta communication networks, so-called home networks 
are prevailing which allow communications among net- 
work-connected apparatuses including home electric 
appliances, computers and other peripheral apparatus- 
es. The home network provides users with convenienc- 
es and comfortableness through communications 
among network-connected apparatuses, such as shar- 
ing a data processing function of each apparatus and 
content transmission/reception among apparatuses. It 
is therefore predicted that home networks spread further 
in the future. 

[0003] As the protocol suitable for the configuration of 
the home network, a Universal Plug and Play (UPnP) is 
known. The Universal Plug and Play (UPnP) facilitates 
to configure a network without involving any complicat- 
ed manipulations, and allows each network-connected 
apparatus to receive services provided by other con- 
nected apparatuses without difficult manipulations and 
settings. UPnP has the advantage that it does not rely 
upon an OS (operating system) of a device and addition 
of devices is easy. 

[0004] UPnP exchanges an XML (extensible Markup 
Language) compliant definition file among connected 
apparatuses to effect mutual recognition among the ap- 
paratuses. The following is the summary of UPnP proc- 
esses. 

(1) An addressing process of acquiring own device 
ID such as an IP address. 

(2) A discovery process of searching each device 
on a network and receiving a response from each 
device to acquire information such as a device type 
and a function contained in the response. 

(3) A service request process of requesting each 
device for services in accordance with the informa- 
tion acquired by the discovery process. 

[0005] With the above-described procedure, service 
provision and reception become possible by using net- 



work-connected apparatuses. An apparatus to be newly 
connected to a network acquires a device ID by the ad- 
dressing process, acquires information of another net- 
work-connected device by the discovery process, and 

5 can request another apparatus for services In accord- 
ance with the acquired information. 
[0006] It is, however, necessary for the network of this 
type to consider a countermeasure against illegal ac- 
cesses. An apparatus in the home network, such as a 

10 server, often stores contents such as private contents 
and charged contents whose copyright is required to be 
managed. 

[0007] Contents stored in such a server in the home 
network can be accessed from another network-con- 

15 nected apparatus. For example, an apparatus effected 
UPnP connection, which is the above-described simple 
apparatus connection configuration, can acquire the 
contents. If the contents are movie data or music data, 
a user of a TV, a player or the like connected to the net- 

20 work can see the movie or listen to the music. 

[0008] An apparatus connected by a user having a 
use right of contents is allowed to access. However, a 
user not having a use right of contents or the like can 
easily enter the network having the above-described 

25 network configuration. For example, in a network con- 
figured by wireless LAN, a theft of contents in a server 
at a home may occur by illegally entering the network 
by using a communication apparatus in an outdoor area, 
in a next house or the like. The configuration permitting 

30 illegal accesses of this type may resuK in secret leak 
and poses an important issue from the management 
viewpoint of content copyright. 

[0009] The following configuration which excludes the 
above-described illegal accesses has been proposed. 
35 A list of access-permitted clients is stored, for example, 
in a server, and when an access request is issued from 
a client to the server, the server executes a verification 
process by using the list to exclude an illegal access. 
[001 0] For example. MAC (Media Access Control) ad- 
40 dress filtering is known which sets an access permission 
apparatus list of MAC addresses which are physical ad- 
dresses specific to network-connected apparatuses. In 
MAC address filtering, access permission MAC ad- 
dresses are registered beforehand in a router or a gate- 
45 way isolating an internal network (subnet) such as a 
home network from an external network, and a MAC ad- 
dress in a received packet is compared with the regis- 
tered MAC addresses to reject an access from an ap- 
paratus having a MAC address not registered. The tech- 
no nology of this type is disclosed, for example, in Patent 
Document 1 (Japanese Patent Application Publication 
No. H10-271154). 

[0011] It is, however, necessary for a registration 
process for access limitation MAC addresses to check 
55 MAC addresses of all apparatuses to be connected to 
the network, and for an operator to enter the acquired 
MAC addresses (48 bits) of all apparatuses and form a 
list. These processes may be performed by a certain 
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manager if a secure environment is required to be con- 
figured such as in particular companies, organizations 
and the like. However, it is not realistic to request a gen- 
eral user to generate and store a MAC list, for example, 
in a home network environment set at a general home. 5 
[0012] An addition process for a new apparatus oc- 
curs often in a home network. If a user is required to 
check and register the MAC address of a new apparatus 
each time the addition process is executed, feasibility of 
network configuration is lost. iO 
[0013] Configuring a so-called ubiquitous environ- 
ment is now in general homes. In the ubiquitous envi- 
ronment, a network configuration including not only PCs 
but also electric home appliances allows an access from 
any apparatus. With the spread of wireless LANs and i5 
the like, a communicable apparatus can easily invade a 
wireless LAN externally. In these network environments, 
illegal accesses to network-connected apparatuses are 
likely to occur, further increasing the possibility of secret 
information theft, illegal content read and the like 20 
through illegal accesses. It is desired under these cir- 
cumstances that a proper access control configuration 
should be realized easily without burdening general us- 
ers. 

25 

Disclosure of the Invention 

[0014] The present invention has been made in con- 
sideration of the above-described problems, and has an 
object to provide an information processing apparatus, 30 
a server client system and method and a computer pro- 
gram, in which in the configuration of network-connect- 
ed apparatuses, an access control configuration can be 
made easily and reliably without forcing a load on a user 
having a network-connected apparatus. 35 
[001 5] The present invention has an object to provide 
an information processing apparatus, a server client 
system and method and a computer program, in which, 
for example, an apparatus (server) for receiving a 
processing request from various network-connected ap- 40 
paratuses (clients) realizes the configuration that the 
server judges from client identification whether or not 
the client has a processing request privilege and ac- 
knowledges a processing request only from the client 
having the processing request privilege, to thereby pre- 45 
vent secret leak by excluding the processing request 
from an unauthorized apparatus and realize a proper 
management of content copyright. 
[0016] A first aspect of the present invention resides 
in an information processing apparatus for executing a so 
process of generating an access control list, character- 
ized by comprising: 

a reception unit for receiving a packet from a client 
that serves as an access requesting apparatus; ss 
a storage unit storing a MAC list in which informa- 
tion of a MAC list for one client is set as registration 
data for one slot; 
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a registration permission judgment unit for confirm- 
ing whether or not there is an empty slot in the MAC 
list and judging as that a registration is permitted 
only if there is the empty slot, in a client registration 
process based on a received packet at the recep- 
tion unit; and 

a registration processing unit for acquiring data con- 
taining a client MAC address from the received 
packet and executing a registration process for the 
MAC list, in accordance with a judgment of the reg- 
istration permission by the registration permission 
judgment unit. 

[001 7] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the registration processing unit is characterized by 
having a configuration such that a sender MAC address 
contained in a header field of the packet received from 
the client is acquired and the acquired sender MAC ad- 
dress is adopted as registration information of the MAC 
list. 

[0018] Further, according to an embodiment of the 
present invention, the information processing apparatus 
is characterized by further comprising a packet analysis 
unit for judging whether the packet received from the 
client is a registration processing request packet or a 
data processing request packet, and having a configu- 
ration such that if the packet received from the client is. 
the registration processing request packet, the registra- 
tion permission judgment unit executes a registration 
permission judgment process in accordance with a 
presence/absence detection process for the empty slot 
in the MAC address, and the registration processing unit 
executes a registration process in accordance with the 
judgment of the registration permission by the registra- 
tion permission judgment unit. 

[0019] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the information processing apparatus is character- 
ized by a configuration such that if the packet received 
from the client is the data processing packet, the regis- 
tration permission judgment unit executes the registra- 
tion permission judgment process in accordance with 
the presence/absence detection process for the empty 
slot in the MAC address, and the registration processing 
unit executes the registration process for the MAC list 
in accordance with the judgment of the registration per- 
mission by the registration permission judgment unit, by 
acquiring the data containing the client MAC address 
from the received data processing request packet. 
[0020] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the information processing apparatus is character- 
ized by further comprising a control unit for executing a 
close process for the empty slot under a condition that 
a lapse time from a setting process for the empty slot in 
the MAC list exceeds a predetermined threshold time. 
[0021] Further, according to an embodiment of the in- 
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formation processing apparatus of the present inven- 
tion, the registration permission judgment unit is char- 
acterized by a configuration such that the registration 
pemiission judgment unit executes a process of judging 
whether or not a data processing request sequence 5 
from the client correctly and reliably executes a se- 
quence in conformity with a UPnP protocol and the reg- 
istration processing unit is characterized by a configu- 
ration such that the registration processing unit exe- 
cutes the registration process for the MAC list in accord- *o 
ance with a judgment that the data processing request 
sequence from the client correctly and reliably executes 
the sequence in conformity with a UPnP protocol, by ac- 
quiring the data containing the client MAC address from 
the received data processing request packet. ^5 
[0022] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the registration permission judgment unit is char- 
acterized by judging whether a content directory service 
(CDS) request process in the sequence in conformity 20 
with the UPnP protocol is executed or not in response 
to a data processing request from the client, and the reg- 
istration processing unit is characterized by a configu- 
ration such that the registration processing unit exe- 
cutes the registration process for the MAC list in accord- 25 
ance with a judgment that the content directory service 
(CDS) request process is executed, by acquiring the da- 
ta containing the client MAC address from the received 
data processing request packet. 

[0023] Further, according to an embodiment of the in- 30 
formation processing apparatus of the present inven- 
tion, the registration processing unit is characterized by 
a configuration such that the registration processing unit 
executes the registration process for the MAC list by ac- 
quiring the MAC address and identification information 35 
different from the MAC address stored in the packet re- 
ceived from the client. 

[0024] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the Identification information different from the ^0 
MAC address is characterized by being identification in- 
formation of global unique ID information or key infor- 
mation set to a client apparatus. 
[0025] A second aspect of the present invention re- 
sides in an information processing apparatus that ^5 
serves as a client for executing an access request to a 
server connected to a network, characterized by com- 
prising: 

a control unit for executing a process of generating 50 
and transmitting an access control list registration 
processing request packet explicitly indicating a 
registration request in a MAC list possessed by the 
server, by storing own MAC address in header in- 
formation. 55 

[0026] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 



tion, the control unit is characterized by a configuration 
such that the control unit executes a process of gener- 
ating a packet storing the identification information of 
the global unique ID information or the key information 
set to the client apparatus, in a process of generating 
the access control list registration processing request 
packet. 

[0027] Further, according to an embodiment of the in- 
formation processing apparatus of the present inven- 
tion, the control unit is characterized by a configuration 
such that the control unit transmits the access control 
list registration processing request packet by broadcast 
transmission or multicast transmission. 
[0028] A third aspect of the present invention resides 
in a server client system including a server for receiving 
an access request and a client for executing the access 
request, characterized in that: 

the client has a configuration such that the client ex- 
ecutes a transmission process by generating an ac- 
cess control list registration processing request 
packet storing own MAC address in header infor- 
mation, under a condition of a power-on process of 
an information processing apparatus or a specific 
application activation process; and 
the server has a configuration such that the server 
receives the access control registration processing 
request packet from the client, confirms whether or 
not there is an empty slot in a MAC list which sets 
information including a MAC address of one client 
as registration data for one slot, and executes a reg- 
istration process of registering client information 
based on the packet in the MAC list, only when there 
is the empty slot. 

[0029] Further, according to an embodiment of the cli- 
ent server system of the present invention, the server is 
characterized by a configuration such that the server ex- 
ecutes a process of acquiring a sender MAC address 
contained in a header filed on a packet received from 
the client and adopting the acquired sender MAC ad- 
dress as registration information for the MAC list. 
[0030] A fourth aspect of the present Invention resides 
in an information processing method of executing a 
process of generating an access control list, character- 
ized by comprising: 

a reception step of receiving a packet from a client 
that serves as an access requesting apparatus; 
a registration permission judgment step of judging 
whether or not there Is an empty slot in a MAC list 
in which information of a MAC list for one client is 
set as registration data for one slot; and 
a registration processing step of acquiring data con- 
taining a client MAC address from the received 
packet and executing a registration process for the 
MAC list, in accordance with a judgment at the reg- 
istration permission judgment step that there is the 
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empty slot. 

[0031] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the registration processing step is characterized by ac- s 
quiring a sender MAC address contained in a header 
field of the packet received from the client and adopts 
the acquired sender MAC address as registration infor- 
mation of the MAC list. 

[0032] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the information processing method is characterized by 
further comprising a packet analysis step of judging 
whether the packet received from the client is a regis- 
tration processing request packet or a data processing 
request packet, and in a configuration such that if it is 
judged at the packet analysis step that the packet re- 
ceived from the client is the registration processing re- 
quest packet, the registration permission judgment step 
executes a registration permission judgment process in 
accordance with a presence/absence detection process 
for the empty slot in the MAC address. 
[0033] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
if the packet received from the client is the data process- 
ing packet, the registration permission judgment step 
executes the registration permission judgment process 
in accordance with the presence/absence detection 
process for the empty slot in the MAC address, and the 
registration processing unit step executes the registra- 
tion process for the MAC list in accordance with the judg- 
ment of the registration permission by the registration 
permission judgment unit, by acquiring the data contain- 
ing the client MAC address from the received data 
processing request packet. 

[0034] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the information processing method is characterized by 
further comprising a control step of executing a close 
process for the empty slot under a condition that a lapse 
time from a setting process for the empty slot in the MAC 
list exceeds a predetermined threshold time. 
[0035] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the registration permission judgment step is character- 
ized by including a step of judging whether or not a data 
processing request sequence from the client correctly 
and reliably executes a sequence in conformity with a 
UPnP protocol, and the registration processing step is 
characterized by executing the registration process for 
the MAC list in accordance with a judgment that the data 
processing request sequence from the client correctly 
and reliably executes the sequence in conformity with a 
UPnP protocol, by acquiring the data containing the cli- 
ent MAC address from the packet received from the cli- 
ent. 

[0036] Further, according to an embodiment of the in- 
formation processing method of the present invention, 



the registration permission judgment step is character- 
ized by including a step of judging whether a content 
directory service (CDS) request process In the se- 
quence in conformity with the UPnP protocol is executed 
or not in response to a data processing request from the 
client, and the registration processing step is character- 
ized by executing the registration process for the MAC 
list in accordance with a judgment that the content di- 
rectory service (CDS) request process is executed, by 
acquiring the data containing the client MAC address 
from the packet received from the client. 
[0037] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the registration processing step is characterized by ex- 
ecuting the registration process for the MAC list by ac- 
quiring the MAC address and identification information 
different from the MAC address stored in the packet re- 
ceived from the client. 

[0038] Further, according to an embodiment of the in- 
formation processing method of the present invention, 
the identification information different from the MAC ad- 
dress is characterized by being identification informa- 
tion of global unique ID information or key information 
set to a client apparatus. 

[0039] A fifth aspect of the present Invention resides 
in an Information processing method for an Information 
processing apparatus that serves as a client for execut- 
ing an access request to a server connected to a net- 
work, characterized by comprising: 

a trigger detection step of detecting as trigger infor- 
mation a power-on process of the information 
processing apparatus or a specific application acti- 
vation process; and 

a packet generation and transmission process step 
of generating and transmitting an access control list 
registration processing request packet explicitly in- 
dicating a registration request in a MAC list pos- 
sessed by the server, under a condition that the trig- 
ger information is detected, by storing own MAC ad- 
dress in header information. 

[0040] Further, according to an embodiment of the In- 
formation processing method of the present Invention, 
the packet generation and transmission process step is 
characterized by executing a process of generating a 
packet storing the identification information of the global 
unique ID information or the key information set to the 
client apparatus, in a process of generating the access 
control list registration processing request packet. 
[0041] Further, according to an embodiment of the In- 
formation processing method of the present invention, 
the packet generation and transmission process step is 
characterized by transmitting the access control list reg- 
istration processing request packet by broadcast trans- 
mission or multicast transmission. 
[0042] A sixth aspect of the present invention resides 
in a computer program for executing a process of gen- 
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erating an access control list, characterized by compris- 
ing: 

a reception step of receiving a packet from a client 
that serves as an access requesting apparatus; 
a registration permission judgment step of judging 
whether or not there is an empty slot in a MAC list 
in which information of a MAC list for one client is 
set as registration data for one slot; and 
a registration processing step of acquiring data con- 
taining a client MAC address from the received 
packet and executing a registration process for the 
MAC list, in accordance with a judgment at the reg- 
istration permission judgment step that there is the 
empty slot. 

[0043] A seventh aspect of the present invention re- 
sides in a computer program for executing an informa- 
tion processing method for an information processing 
apparatus that serves as a client for executing an ac- 
cess request to a server connected to a network, char- 
acterized by comprising: 

a trigger detection step of detecting as trigger infor- 
mation a power-on process of the information 
processing apparatus or a specific application acti- 
vation process; and 

a packet generation and transmission process step 
of generating and transmitting an access control list 
registration processing request packet explicitly in- 
dicating a registration request in a MAC list pos- 
sessed by the server, under a condition that the trig- 
ger information is detected, by storing own MAC ad- 
dress in header information. 

[0044] According to the configuration of the present 
invention, the MAC list registration processing request 
packet is automatically transmitted by using as a trigger 
either a power-on process of the power source of a client 
apparatus connected to the network or an activation 
process of a specific application, e.g., an execution ap- 
plication for services using a home network. On the 
server side, information such as a MAC address is ac- 
quired from the received packet and registered, in ac- 
cordance with the state of an empty slot in the MAC list. 
It is therefore possible to generate the MAC list as the 
access control list easily and efficiently without burden- 
ing a user. 

[0045] Further, according to the configuration of the 
present invention, if the registration processing request 
packet is not received before a lapse of a threshold time 
after an empty slot Is set to the MAC list of the server, 
the close process for the empty slot in the MAC list is 
executed. Therefore, the empty slot in the MAC list is 
not maintained for a long time and the registration proc- 
ess is not executed erroneously even if the server re- 
ceives the registration request from the third party. It is 
therefore possible to prevent an unauthorized data 
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processing request from being acknowledged. 
[0046] Further according to the configuration of the 
present invention, the server side executes a process 
of registering a client still not registered, in response to 
s an ordinary data processing request received from a cli- 
ent. It is therefore possible to register the client in the 
MAC list without using the registration processing re- 
quest packet. 

[0047] Further according to the configuration of the 
10 present invention, even if the client is an apparatus un- 
able to transmit a packet in conformity with a specific 
network access control (SNAC) and is a Universal Plug 
and Play (UPnP) compliant apparatus, the client can be 
automatically registered in the MAC list if the sequence 
15 in conformity with the UPnP protocol is executed cor- 
rectly and reliably, so that the MAC list can be generated 
without burdening a user. 

[0048] Further, according to the configuration of the 
present invention, a global unique ID GUID or unique 

20 key information data set to an apparatus is stored as 
registration information of the MAC list, and the server 
received the data processing request executes client 
recognition by using not only the MAC address but also 
the identification data such as GUID and key informa- 

25 tion. High level security management can therefore be 
realized. 

[0049] The computer program of the present inven- 
tion can be supplied to, for example, a general computer 
system capable of executing various program codes, in 

30 the computer readable format, by storage media and 
communication media such as a CD, an FD and an MO 
as the storage media, and a network as the communi- 
cation media. By supplying the computer program in the 
computer readable format, processes corresponding to 

35 the program can be realized on the computer system. 
[0050] Other objects, features and advantages of the 
present invention will become apparent from the more 
detailed description when read with the embodiments of 
the present invention to be described later and the ac- 

40 companying drawings. In this specification, a system is 
a plurality of configurations of apparatus logical collec- 
tion, and is not limited to a system that apparatuses of 
each configuration are accommodated in the same 
housing. 

45 

Brief Description of the Drawings 
[0051] 

50 Fig. 1 is a diagram showing an example of a network 
configuration applicable to the present invention. 
Fig. 2 is a diagram showing an example of the struc- 
ture of a network-connected apparatus. 
Fig. 3 is a block diagram illustrating the processing 

55 function of a server. 

Fig. 4 is a diagram showing an example of the struc- 
ture of a MAC list. 

Fig. 5 is a diagram showing the format of an Ether- 
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net frame. 

Fig. 6 is a flow chart illustrating a client registration 
processing sequence for the MAC list. 
Fig. 7 is a diagram illustrating MAC list registration 
request data. 5 
Fig. 8 Is a flow chart Illustrating a slot setting close 
process for the MAC list. 

Fig. 9 is a flow chart illustrating a registration proc- 
ess for the MAC list in response to a data process- 
ing request. io 
Fig. 10 is a flow chart illustrating the registration 
process for the MAC list under the condition that the 
processing sequence is executed In accordance 
with a UPnP protocol. 

Fig. 11 Is a flow chart illustrating the process se- i5 
quence of the server including a data processing 
execution permission judgment by a verification 
process for the MAC address and other identifica- 
tion Information. 

20 

Best Mode for Carrying out the Invention 



network-connected apparatus receives/transmits via 
the network 100 a packet having a destination MAC ad- 
dress and a sender MAC address as header informa- 
tion, e.g., an Ethernet (registered trademark) frame. 
Namely, each client Issues a data processing request to 
the server 101 , by transmitting to the server 101 an Eth- 
ernet frame storing processing request information In a 
data field. Upon reception of the processing request 
frame, the server 101 executes an access privilege 
judgment process to be described later, executes data 
processing if it is judged that the privilege exists, and 
when necessary stores the data processing result in the 
data field of an Ethernet frame and transmits It to the 
client. 

[0056] Network-connected apparatuses are constitut- 
ed of, for example, UPnP (Universal Plug and Play) 
compliant apparatuses. This configuration facilitates ad- 
dition and deletion of an apparatus with respect to the 
network. An apparatus to be newly added to the network 
can receive services from the network-connected appa- 
ratuses by executing the following processes: 



[0052] In the following, with reference to the accom- 
panying drawings, detailed description will be made on 
an information processing apparatus, a server client 
system and method and a computer program. 

[System Outline and MAC List] 

[0053) First, with reference to Fig. 1. description will 
be made on an example of a network configuration ap- 
plicable to the present invention. Fig. 1 shows the con- 
figuration, e.g., a home network configuration in which 
a network 100 interconnects a server 101 for executing 
a process corresponding to a processing request from 
each of various client apparatuses, and client appara- 
tuses for Issuing a processing request to the server 101 . 
Including PCs 121. 122, 124 and portable communica- 
tion terminals 123 and 125 such as a PDA and a portable 
phone. 

[0054] The process to be executed by the server 101 
in response to a request from a client includes, for ex- 
ample, a supply of contents stored in a storage means 
such as a hard disc possessed by the server 101, data 
processing services through execution of server execut- 
able application programs, and the like. In Fig. 1, the 
server 101 is shown by discriminating it from other client 
apparatuses: PCs 121. 122. 124 and portable commu- 
nication terminals 123 and 125 such as PDA and a port- 
able phone. Although the server apparatus provides 
services corresponding to the request from the clients, 
any client apparatus may provide a server function if its 
own data processing sers/ice is provided to other clients. 
Therefore, each client apparatus connected to the net- 
work shown in Fig. 1 may become a server. 
[0055] The network 1 00 is a wired network, a wireless 
network or the like, and each network-connected appa- 
ratus has a MAC (Medial Access Control) address. Each 



(1) An addressing process of acquiring its own de- 
vice ID such as an IP address. 
25 (2) A discovery process of searching each device 
on a network and receiving a response from each 
device to acquire information such as a device type 
and a function contained in the response. 
(3) A service request process of requesting each 
30 device for services In accordance with the informa- 
tion acquired by the discovery process. 

[0057] With reference to Fig. 2, description will be 
made on an example of the hardware structure of an 

35 information processing apparatus such as PC constitut- 
ing the server and client apparatuses shown in Fig. 1. 
[0058] A CPU (Central Processing Unit) 301 executes 
various processes in accordance with a program stored 
in a ROM (Read Only Memory) 302, a HDD 304, or the 

^0 like, and functions as a data processing means or a 
communication control means. RAM 303 stores the pro- 
gram to be executed by CPU 301 and data if appropri- 
ate. A bus 305 interconnects CPU 301 , ROM 302, RAM 
303 and HDD 304. 

45 [0059] An input/output interface 306 is connected to 
the bus 305. An input unit 307 and an output unit 308 
are connected to the input/output interface 306, the in- 
put unit being constituted of a keyboard, switches, but- 
tons, mouse or the like to be operated by a user, and 

50 the output unit being constituted of an LCD, a CRT, a 
speaker or the like to present Information to a user. A 
communication unit and 309 functioning as a data trans- 
mission/reception means and a drive 310 are also con- 
nected to the input/output interface. The drive 310 can 

55 mount a removable recording medium 311 such as a 
magnetic disc, an optical disc, a magneto optical disc 
and a semiconductor memory, and executes a data 
read/write process for the removable recording medium 
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311. 

(0060] The structure shown in Fig. 2 is an example of 
a server and a personal computer (PC) as an example 
of the network-connected apparatus shown in Fig. 1. 
The network-connected apparatus is not limited only to 
PC but it may be a portable communication terminal 
such as a portable phone and a PDA shown in Fig. 1. 
other various electronic apparatuses and information 
processing apparatuses. The hardware structure spe- 
cific to each apparatus can be used, and the processes 
matching the hardware are executed. 
[0061] In the present invention, a network-connected 
apparatus which performs an access control generates 
a MAC list as an apparatus list registering MAC address- 
es of network-connected apparatuses having an access 
privilege. Although there is a conventional access limi- 
tation configuration using a MAC list, it is necessary for 
a user to check the MAC address of each network-con- 
nected apparatus and generate a list by entering the 
checked addresses. 

[0062] In the configuration of the present invention, 
this process by the user is not necessary, but the net- 
work-connected apparatus which performs the access 
control generates automatically the MAC list in accord- 
ance with a packet received from each network-con- 
nected apparatus. 

[0063] Fig. 3 is a block diagram illustrating the 
processing function of a network-connected apparatus 
(server) which performs the access control. The server 
has: a packet transmission/reception unit 501 for trans- 
mitting/receiving a packet via the network; a packet gen- 
eration/analysis unit 502 for generating a packet to be 
transmitted from the packet transmission/reception unit 
501 and analyzing a packet received from the packet 
transmission/reception unit 501; a registration permis- 
sion judgment unit 503 for judging from a packet re- 
ceived from a client whether or not the registration to the 
MAC list is permitted; a registration processing unit 504 
for executing a registration process in accordance with 
a judgment made by the registration permission judg- 
ment unit 503; a storage unit 505 storing the MAC list; 
a data processing permission judgment unit 506 for 
judging whether or not the data processing execution is 
permitted or not, in accordance with whether or not a 
data processing request client is registered in the MAC 
list, which is judged from each of various data process- 
ing request packets sent to the server; and a data 
processing unit 507 for executing the data processing 
requested by the client, under the condition of a data 
processing permission judgment by the data processing 
permission judgment unit. 

[0064] Fig. 4 shows an example of the structure of the 
MAC list as an access control list stored in the network- 
connected apparatus (server) which performs the ac- 
cess control. 

[0065] The MAC list is stored in a storage unit (non- 
volatile memory) in the server. The MAC list has the 
stnjcture that registration data of each client is stored in 
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the slot unit base, information of one registration client 
being stored in one slot. 

[0066] The registration information includes a MAC 
address of a client, a client name which a user can set 

5 as desired and a registration time and data. As options, 
identification data different from the MAC address may 
be stored, e.g., a unique identifier such as a GUID (Glo- 
bal Unique Identifier), key data set to a client apparatus, 
or the like. The stored data is data contained in the pack- 

10 et (Ethernet frame) transmitted from each client in the 
registration process. The server acquires registration in- 
formation in the packet (Ethernet frame) transmitted 
from a client and executes the registration process for 
the MAC list. 

15 [0067] Fig. 5 shows the format of an Ethernet frame. 
The Ethernet frame is partitioned into a header field, a 
data field and a trailer field. The header field contains a 
sync signal, a packet start code, a destination MAC ad- 
dress, a sender MAC address, a packet length and a 

20 packet type. 

[0068] The data field contains data generated in con- 
formity with, for example, the TCP/IP communication 
protocol, and stores, for example, an IP packet contain- 
ing sender/destination addresses. The MAC address in- 

25 formation of the registered data in the MAC list shown 
in Fig. 4 is acquired from the sender MAC address set 
to the header field of the Ethernet frame shown in Fig. 
5, whereas other information is acquired from the data 
stored in the data field. This information is received at 

30 the server for executing the registration process, i.e., the 
server received the Ethernet frame (packet), which in 
turn reads necessary information from the packet to ex- 
ecute the registration process for the MAC list. 
[0069] As described earlier, information of one client 

35 is stored in one slot of the MAC list shown in Fig. 4. The 
number of slots may be set as desired by a user. When 
the client information is registered at the server, it is 
checked whether or not there is an empty slot, and if 
there is an empty slot, the client information can be reg- 

40 istered newly. In the example shown in Fig. 4, the 
number of set slots is three #1 to #3. The slot number 
#4 and subsequent slots are in a close state so that three 
clients at the maximum can be registered. 
[0070] When a user executes the registration process 

45 by connecting a new client to the network, an empty slot 
is generated in the MAC list of the server. In the state 
shown in Fig. 4, the slots with slot Nos. #1 and #2 are 
already registered, the slot with slot No. #3 is set as an 
empty slot, and only one client can be newly registered 

50 in the slot with slot No. #3. The configuration may be 
adopted in such a way that, after an empty slot is set, 
the empty slot may be automatically closed. This struc- 
ture is to prevent illegal registration by a third party ap- 
paratus not anticipated by a user. This process will be 

55 later described. 
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[Client Registration Process for MAC List] 

[0071 ] Next, with reference to the process flow shown 
in Fig. 6. description will be made on the basic sequence 
of the registration procedure for the MAC list by a client, s 
[0072] The left side shows the client process of exe- 
cuting a registration request for the MAC list, and the 
right side shows the server process of executing the reg- 
istration process for the MAC list upon reception of the 
registration request from the client. io 
[0073] At Step S111 as the client executes either a 
process of turning ON the power of an apparatus or a 
process of activating a predetermined application such 
as an execution application for services using a home 
network, by using this process as a trigger a registration is 
processing request packet Is automatically transmitted 
to the server at Step S112. 

[0074] Namely, in accordance with a program stored 
in a storage unit, the control unit, i.e., CPU 301 in the 
hardware structure example shown in Fig. 2, of the in- 20 
formation processing apparatus as the client detects 
one of the process of turning ON the power of an appa- 
ratus or the process of activating a predetermined ap- 
plication such as an execution application for services 
using a home network. By using this detection informa- 25 
tion as a trigger, the registration processing request 
packet, i.e., an access control list registration process- 
ing request packet having a MAC address in the header 
and explicitly indicating the registration request for the 
MAC list possessed by the server is generated and au- 30 
tomatically transmitted to the server. 
[0075] Fig. 7 shows an example of the main structure 
of a data field of message data to be transmitted when 
the registration request is issued. ''B-POST*HTTP/1.r' 
indicates that the message format is Ver.1.1 of HTTP. 35 
"HOST: 192. 254. 255: 3536" indicates a broadcast 
host IP address and a port number. "Content-Type : ap- 
plication/..." and "Content-Length : 65" indicate a con- 
tent type and a content length. "Broadcast SNAC" indi- 
cates broadcast transmission In conformity with a spe- 40 
clfic network access control (SNAC). "Method : Regis- 
ter" indicates that an execution method to be executed 
for the packet is a registration method. 
[0076] In addition to the above-described data, the cli- 
ent name, ID infonmation such as QUID, key information ^5 
or the like contained in the registration data of the MAC 
list shown in Fig. 4 may be included in the data field. 
Data to be stored In the packet which Is transmitted for 
the registration process may be defined in accordance 
with which data Is to be stored in the MAC list on the so 
server side. The client executes a process of generating 
and transmitting the registration processing request 
packet storing the data matching the definition informa- 
tion, in response to turning on the power of the appara- 
tus or activating an execution application for services ss 
using a home network. 

[0077] Reverting to the process flow shown in Fig. 6, 
description continues on the client information reglstra- 
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tion sequence for the MAC list. At Step SI 21 the packet 
transmission/reception unit 501 shown in Fig. 3 receives 
the registration processing request packet containing 
the above-described data transmitted from the client, 
and the packet generation/analysis unit 502 analyzes 
the packet to judge that the packet is the registration 
processing request packet, and the registration permis- 
sion judgment unit 503 judges whether or not the regis- 
tration is permitted. 

[0078] At Step SI 22 the server refers to the MAC list 
in its storage unit 505 to judge whether or not the data 
corresponding to the sender MAC address contained in 
the received packet is already registered, and If it is 
judged that the data is already registered, the process 
is terminated. In this case, the configuration may be 
adopted to execute a process of transmitting to the client 
side a response message notifying that the data is al- 
ready registered. 

[0079] If it is judged at Step SI 22 that the data corre- 
sponding to the sender MAC address contained in the 
received packet Is not registered in the MAC list in its 
storage unit 505, then at Step SI 23 it is judged whether 
or not there is an empty slot capable of registering data 
in the MAC list. If there is no empty slot, the process is 
terminated because the registration process for a new 
client cannot be executed. In this case, the configuration 
may be adopted to execute a process of transmitting to 
the client side a response message notifying registration 
Inability. 

[0080] If It is judged at Step 8123 that the MAC list 
has an empty slot capable of registering data, then at 
Step SI 24 the registration processing unit 504 shown 
in Fig. 3 executes a process of acquiring the sender 
MAC address in the header field and the registration in- 
formation in the data field respectively contained In the 
registration processing request packet received from 
the client, and registers them In the empty slot of the 
MAC list. 

[0081] With the above processes, the registration 
process of registering the client in the MAC list by the 
server is completed. The client registered in the MAC 
list transmits the data processing request to the server 
by using a packet such as the already described Ether- 
net frame (refer to Fig. 5). The data processing permis- 
sion judgment unit 506 (refer to Fig. 3) of the server ac- 
quires the sender MAC address from the header Infor- 
mation of the Ethernet frame, and compares It with the 
registration infomriatlon In the MAC list stored in the stor- 
age unit 505. If it coincides with the registered MAC ad- 
dress, the data processing unit 507 executes a request 
process, e.g., provides contents or the like. 
[0082] If the sender MAC address in the header infor- 
mation of the data processing request frame received 
from the client is not registered In the MAC list stored in 
the storage unit 505, It is judged that the process request 
was transmitted from an unauthorized client, and the re- 
quest process of the client will not be executed. 
[0083] The registration process of registering the cll- 
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ent in the MAC list described with reference to Fig. 6 is 
basically as an automatic registration process of auto- 
matically registering the client information if there is an 
empty slot. Instead, the configuration may be adopted 
to execute a process of registering the client information 
in the MAC list after a user judges whether or not the 
registration is permitted. In this case, a user Judgment 
Step is executed between Steps S123 and SI 24 in the 
process Steps shown in Fig. 6. For example, packet in- 
formation received at the server is displayed on a dis- 
play, and only when a user judges that the registration 
is permitted, in accordance with the displayed informa- 
tion, a registration execution command is input from an 
Input means to register the client information in the MAC 
list under the condition that the user inputs the registra- 
tion execution command. With this configuration, a se- 
curer registration process becomes possible. 

[Automatic Close Process for Empty Slot] 

[0084] Next, description wilt be made on a process of 
setting an empty slot in the MAC list and closing the 
empty slot, to be executed by the server storing the MAC 
list. As described earlier, the MAC list is set In the stor- 
age unit of the server In the slot unit base, each slot stor- 
ing information of one client. 

[0085] The process of setting an empty slot and clos- 
ing the empty slot can be executed by a user. If the emp- 
ty slot is set and maintained for a long time and the 
above-described automatic registration process without 
user confirmation is executed, there is a possibility of an 
unauthorized registration process by a third party. In or- 
der to inhibit this situation, a process is executed which 
automatically closes the set empty slot after a lapse of 
a threshold time. Namely, the control unit of the server 
storing the MAC list measures a lapse time from when 
an empty slot Is set to the MAC list, and executes a close 
process under the condition that the measured time ex- 
ceeds a preset threshold time. 

[0086] With reference to the flow shown in Fig. 8. de- 
scription will be made on the process of setting an empty 
slot and automatically closing the empty slot. At Step 
8201 a user sets an empty slot to the MAC list. In gen- 
eral, when a user connects a new client apparatus or 
apparatuses to the network, the user sets empty slots 
corresponding in number to the number of apparatuses 
to be newly connected. By setting only the necessary 
number of slots and not setting unnecessary empty 
slots, only the apparatuses managed by the user can 
be registered in the MAC list. 

[0087] After an empty slot is set at Step S201, the 
server waits for a registration processing request pack- 
et. This packet is the same as the registration process- 
ing request packet from the client described with refer- 
ence to the flow shown in Fig. 6. and the packet auto- 
matically transmitted, for example, in response to power 
ON by the client or application activation. 
[0088] The server measures a lapse time from when 
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the empty slot is set at Step S201 , and at Step S203 the 
lapse time is compared with a preset threshold time. If 
the registration processing request packet is received 
from the client before the threshold time at Step 204, 

5 then at Step S205 the server acquires the registration 
information such as a MAC address from the registration 
processing request packet and executes a process of 
registering the acquired registration information in the 
empty slot of the MAC list. 

10 [0089] If the registration processing request packet Is 
not received from the client before the threshold time, 
the flow advances to Step S206 whereat the close proc- 
ess for the empty slot in the MAC list is executed. With 
this close process, it becomes that no empty slot exists 

15 in the MAC list. Therefore, even if the server receives a 
registration request from the third party, the registration 
process will not be executed erroneously so that It is 
possible to prevent an unauthorized data processing re- 
quest from being acknowledged. 

20 

[Registration Process Responsive to Data Processing 
Request] 

[0090] The registration process of registering a new 

25 client In the MAC list described earlier with reference to 
Fig. 6 is executed when the server receives the regis- 
tration processing request packet requesting for a reg- 
istration process. The configuration may be adopted to 
not only execute a process of registering client informa- 

30 tion in the MAC list in response to this explicit registra- 
tion response, but also makes the server automatically 
register a client in the MAC list when a general data 
processing request is received from the client, e.g., a 
content acquisition request packet for video data, music 

35 data or the like stored in a storage means of the server. 
[0091] In the following, with reference to the flow 
shown in Fig. 9, description will be made on a procedure 
of registering a data processing request client in the 
MAC list in response to a general data processing re- 

40 quest from the client received at the server. 

[0092] First, upon reception of a registration process- 
ing request packet or a data processing request packet 
from a client at Step S301 , at Step S302 the server judg- 
es whether or not the received packet is a registration 

45 processing request packet or a data processing request 
packet. 

[0093] If the received packet is the registration 
processing request packet, it is judged at Step S303 
whether or not there is an empty slot in the MAC list. If 

50 there is an empty packet, registration information is ac- 
quired from the received packet to thereafter execute 
the registration process. These processes correspond 
to the processes described with reference to Fig. 6. 
[0094] On the other hand, if it is judged in the packet 

55 type judgment process at Step S302 that the received 
packet is the data processing request packet, then it is 
judged at Step S305 whether or not the sender MAC 
address contained in the header information of the data 
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processing request packet is already registered in the 
MAC list stored in the storage unit. This process is ex- 
ecuted by the data processing permission judgment unit 
506 shown in Fig. 3. 

[0095] If the sender MAC address is already regis- s 
tered in the MAC list, it means that the data processing 
request was transmitted from the registered client. 
Therefore, a process corresponding the request is exe- 
cuted at Step S306. This data processing is executed 
by the data processing unit 507 shown in Fig. 3. 
[0096] If It is judged at Step S305 that the sender MAC 
address contained in the header information of the data 
processing request packet is not registered in the MAC 
list stored in the storage unit, then it is judged at Step 
S307 whether or not there Is an empty slot in the MAC 
list. If there is an empty slot, at Step S308 registration 
information such as the sender MAC address is ac- 
quired from the received packet to thereafter execute 
the registration process. After the registration, at Step 
S306 the client request process is executed to thereafter 
terminate the process. 

[0097] With the above-described configuration that 
the server executes a process of registering a client still 
not registered in response to the general data process- 
ing request received from a client, the client can be reg- 
istered in the MAC list without involving a special regis- 
tration processing request packet transmission/recep- 
tion process. 

[0098] In the above description, the registration proc- 
ess of registering client information in the MAC list de- 
scribed with reference to Fig. 9 is basically an automatic 
registration process if there is an empty slot. Similar to 
the process responsive to the registration processing re- 
quest packet described previously with reference to Fig. 
6, the configuration may be adopted to execute the MAC 
list registration process after a user judges whether or 
not the registration is permitted. In this case, a user judg- 
ment Step is executed between Steps S307 and S308 
in the process Steps shown In Fig. 9. For example, pack- 
et information received at the server Is displayed on a 
display, and only when a user judges that the registra- 
tion is permitted, in accordance with the displayed infor- 
mation, a registration execution command is input from 
an input means to register the client Information in the 
MAC list under the condition that the user inputs the reg- 
istration execution command. With this configuration, a 
securer registration process becomes possible. 

[Registration Process for UPnP Protocol Compliant 
Packet] 

[0099] When the server executes the MAC list regis- 
tration process in response to the registration process- 
ing request packet or data processing request packet 
from a client, the server is required to recognize that the 
registration processing request packet or data process- 
ing request packet from a client is a packet in conformity 
with a specific network access control (SNAC). There- 



20 

fore, for an apparatus unable to transmit a packet in con- 
formity with the specific network access control (SNAC), 
the above-described MAC list registration process re- 
sponsive to a received packet is impossible. 
[0100] As described earlier, Universal Plug and Play 
(UPnP) compliant simple apparatuses capable of net- 
work connections are often connected to a home net- 
work or the like. A number of UPnP compliant appara- 
tuses are manufactured by a variety of makers and exist 
already. 

[0101] In the following, description will be made on an 
example of the configuration which allows a MAC list 
automatic registration of an UPnP compliant apparatus 
unable to transmit a packet in conformity with the spe- 
cific network access control (SNAC). 
[0102] In this embodiment, the server analyzes a 
process to be executed in accordance with a packet re- 
ceived from a client and judges whether or not the se- 
quence following the UPnP protocol is executed correct- 
ly and reliably. Under the judgment condition that the 
sequence following the UPnP protocol is executed cor- 
rectly and reliably, the MAC list registration process of 
the UPnP compliant apparatus is executed. As the judg- 
ment condition, the condition such that the sequence fol- 
lowing a UPnP AV protocol is executed correctly and 
reliably may be adopted. In this case, registration from 
lighting equipments can be excluded, the lighting equip- 
ments being supposed to have a possibility of mounting 
the UPnP protocol and not to mount the UPnP AV pro- 
tocol. 

[0103] Fig. 10 is a flow chart illustrating the process 
sequence by the server according to this embodiment. 
At Step S401 the server receives a processing request 
packet from a client, and judges at Step S402 whether 
or not the process sequence following the UPnP proto- 
col Is executed correctly and reliably. 
[01 04] As described earlier, the process sequence fol- 
lowing the UPnP protocol is constituted fundamentally 
of the following steps. 

(1) An addressing process of acquiring its own de- 
vice ID such as an IP address. 

(2) A discovery process of searching each device 
on a network and receiving a response from each 
device to acquire information such as a device type 
and a function contained in the response. 

(3) A service request process of requesting each 
device for services in accordance with the informa- 
tion acquired by the discovery process. 

[0105] If these process steps are executed correctly 
and reliably, the server judges that the client apparatus 
is compliant with the authorized UPnP and that the ap- 
paratus can be registered in the MAC list. If the above- 
described processes (1) to (3) are not executed, the 
server judges that the apparatus is not permitted to be 
registered (S402 : NO) to terminate the process. 
[0 1 06] If it is judged that the above-described process 
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steps are executed correctly and reliably and that the 
client apparatus is compliant with the authorized UPnP, 
then it is judged at Step S403 whether or not the sender 
MAC address contained in the header information of the 
data processing request packet is already registered in 
the MAC list stored in the storage unit. This process is 
executed by the data processing permission judgment 
unit 506 shown in Fig. 3. 

[0107] If the sender MAC address is already regis- 
tered in the MAC list, the data processing request was 
transmitted from a registered client. Therefore, at Step 
S406 the process corresponding to the request is exe- 
cuted. The data processing is executed by the data 
processing unit 507 shown in Fig. 3. 
[0108] If it is judged at Step S403 that the sender MAC 
address contained in the header information of the data 
processing request packet is not registered in the MAC 
list stored in the storage unit, then it is judged at Step 
S404 whether or not there is an empty slot in the MAC 
list. If there is an empty slot, at Step S405 registration 
information is acquired from the received packet to ex- 
ecute the registration process. After the registration, at 
Step S406 the request process of the client is executed 
to thereafter terminate the process. 
[0109] According to the embodiment described 
above, even a client apparatus unable to transmit a 
packet in conformity with the specific network access 
control (SNAC) can be automatically registered in the 
MAC list, if the apparatus is compliant with the Universal 
Plug and Play (UPnP) and the sequence following the 
UPnP protocol is executed correctly and reliably. It is 
therefore possible to generate the MAC list without bur- 
dening a user. 

[0110] Various judgment levels may be set for the 
serverjudgment of whether ornot the process sequence 
following the UPnP protocol is executed correctly and 
reliably. For example, in a server for executing content 
provision services, the MAC list registration condition is 
set as the condition that a process up to a content list 
request process following the UPnP protocol, i.e., a so- 
called content directory service (CDS) request process, 
is executed. 

[0111] Namely, in the server for executing content 
provision services, if the content list request process fol- 
lowing the UPnP protocol, i.e., so-called content direc- 
tory service (CDS) request process, is executed in the 
process sequence following the UPnP protocol, then it 
is judged that the client is to be registered in the MAC 
list stored in the server, and the registration process is 
executed. If the content directory service (CDS) request 
process is not executed, it is judged that the client is not 
to be registered in the MAC list stored in the server, and 
the registration process is not executed. 
[0112] As described above, the MAC list registration 
is executed under the condition that the UPnP protocol 
sequence corresponding to the services provided by the 
server is executed. It is therefore possible to avoid an 
unnecessary registration process such as registering a 



client apparatus unnecessary for list registration in the 
MAC list. 

[Authentication Based on Identifier (ID) and Key 
5 Information] 

[0113] As previously described with reference to Fig. 
4, in addition to the MAC address, client name and reg- 
istration time and date, a GUID as a global unique iden- 
tifier and unique key information data set to an appara- 
tus can be stored as options of the client registration 
information in the MAC list. 

[0114] The identification information of this kind other 
than the MAC address is used for realizing securer man- 
agement. The MAC address is generally 4d-bit data 
which can be acquired by any general user by checking 
the apparatus and is not basically secret. It cannot there- 
fore be said that registration of an unauthorized appa- 
ratus in the MAC list will not occur. An illegal action may 
be effected by identity theft of an authorized client ap- 
paratus and by using the MAC address of the authorized 
apparatus as that of an unauthorized apparatus. 
[0115] High level security management can be real- 
ized not by adopting only the 48-bit MAC address having 
a relatively small data amount as the client confirmation 
condition data, but by adopting additionally identification 
data having a larger data amount, data having a small 
leak possibility, or the like as the client confirmation. 
[0116] A client which issues a registration request 
transmits the registration processing request packet or 
data processing request packet by storing, in its data 
field, GUID (e.g., data of 128 bits or more) as the global 
unique identifier or unique key information data set to 
the apparatus. The server acquires the MAC address, 
client name and registration time and date as well as 
GUID or unique key information data set to the appara- 
tus stored in the data field, and sets the acquired data 
in the MAC list as the registration information. 
[0117] For the data processing request from a client 
after the registration, the client generates the data 
processing request packet storing the registered identi- 
fication data such GUID and key information and trans- 
mits it to the server. The server acquires the MAC ad- 
dress and identification data such as GUID and key in- 
formation contained in the data processing request 
packet, and judges whether or not the acquired data co- 
incides with the data registered in the MAC list, and only 
when the coincidence is confirmed, services are provid- 
ed. 

[0118] With reference to Fig. 11, description will be 
made on a process sequence by the server which exe- 
cutes service provision under the condition of verifica- 
tion of identification information other than the MAC ad- 
dress. 

[0119] Upon reception of a data processing request 
packet from a client at Step 8501. the sender MAC ad- 
dress set to the header field of the packet and the iden- 
tification information such as GUID and key information 
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stored in the data field are acquired at Step S502. At 
Step S503 verification is performed between the sender 
MAC address set to the header field of the packet and 
the registration information registered in the MAC list. If 
there is no coincidence, it is judged that the processing 5 
request was transmitted from a client not registered, and 
the process is terminated without executing the request 
process. 

[0120] If verification of the MAC address succeeds 
because coincident information exists, at Step S504 a io 
verification process is executed between the identifica- 
tion information stored in the data field of the packet and 
the identification information in the same slot as that 
storing the verification MAC address in the MAC list. 
[0121] If there is no coincidence of the identification is 
information, it is judged that the processing request was 
transmitted from an unauthorized client, and the proc- 
ess is terminated without executing the request process. 
If there is a coincidence of the identification information, 
at Step S505 the request process of the client is execut- 20 
ed. 

[0122] With the above-described processes, the serv- 
er received a data processing request can execute client 
confirmation by using not only the MAC address but also 
identification data having a large data amount, data hav- 25 
ing a small leak possibility or the like. High level security 
management is therefore possible. 
[0123] In the above-described embodiment, although 
the MAC address has been described as client identifi- 
cation information, the client identification information 30 
may be information capable of identifying a device, such 
as an ID of a CPU. a serial number or nickname of a 
device or the like. 

[0124] The present invention has been described in 
detail with reference to specific embodiments. It is ob- 35 
vious that modifications and substitutions of the embod- 
iment can be made by those skilled in the art without 
departing from the gist of the present invention. Namely, 
the present invention has been disclosed illustratively 
and should not be construed limitatively. In order to de- 40 
cide the gist of the present invention. Claims described 
in the opening should be taken into consideration. 
[0125] The above-described series of processes de- 
scribed in the specification may be realized by hard- 
ware, software or the composite structure of both. If a 45 
series of processes are to be realized by software, the 
program writing the process sequence can be installed 
in a memory of a computer assembled with dedicated 
hardware to make the program be executed, or in a gen- 
eral computer capable of executing various processes so 
to make the program be executed. 
[0126] For example, the program may be recorded 
beforehand in a hard disc or a ROM (Read Only Mem- 
ory) as a recording medium. Alternatively, the program 
may be stored (recorded) temporarily or permanently in ss 
a removable recording medium such as a flexible disc, 
a CD-ROM (Compact Disc Read Only Memory), an MO 
(Magneto optical) disc, a DVD (Digital Versatile Disc) a 



magnetic disc and a semiconductor memory, these re- 
movable recording media may be supplied as so-called 
package software. 

[0127] The program may be installed in a computer 
from the above-described removal recording medium, 
or wireless transferred to a computer from a download 
site, or wlred-transferred to a computer via a network 
such as a LAN (Local Network) and the Internet. The 
computer receives the program transferred in this man- 
ner and installs it in a recording medium such as a built- 
in hard disc. 

[0128] Various processes described in the specifica- 
tion may be executed not only time sequentially in the 
order of written statements but also parallel or independ- 
ently in accordance with a processing ability of an ap- 
paratus executing processes or when necessary. In the 
specification, a system is a plurality of configurations of 
apparatus logical collections, and is not limited to a sys- 
tem that apparatuses of each configuration are accom- 
modated in the same housing. 

Industrial Applicability 

[0129] As described so far, according to the configu- 
ration of the present invention, the MAC list registration 
processing request packet is automatically transmitted 
by using as a trigger either a power-on process of the 
power source of a client apparatus connected to the net- 
work or an activation process of a specific application, 
e.g.. an execution application for services using a home 
network. On the server side, information such as a MAC 
address is acquired from the received packet and reg- 
istered, in accordance with the state of an empty slot in 
the MAC list. It is therefore possible to generate the MAC 
list as the access control list easily and efficiently without 
burdening a user. 

[0130] Further, according to the configuration of the 
present invention, if the registration processing request 
packet is not received before a lapse of a threshold time 
after an empty slot is set to the MAC list of the server, 
the close process for the empty slot in the MAC list is 
executed. Therefore, the empty slot in the MAC list is 
not maintained for a long time and the registration proc- 
ess is not executed erroneously even if the server re- 
ceives the registration request from the third party. It is 
therefore possible to prevent an unauthorized data 
processing request from being acknowledged. 
[0131] Further according to the configurafion of the 
present invention, the server side executes a process 
of registering a client still not registered, in response to 
an ordinary data processing request received from a cli- 
ent. It is therefore possible to register the client in the 
MAC list without using the registration processing re- 
quest packet. 

[0132] Further according to the configuration of the 
present invention, even if the client is an apparatus un- 
able to transmit a packet in conformity with a specific 
network access control (SNAC) and is a Universal Plug 
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and Play (UPnP) compliant apparatus, the client can be 
automatically registered in the MAC list if the sequence 
in conformity with the UPnP protocol is executed cor- 
rectly and reliably, so that the MAC list can be generated 
without burdening a user. 

[0133] Further, according to the configuration of the 
present invention, a global unique ID GUID or unique 
key information data set to an apparatus is stored as 
registration information of the MAC list, and the server 
received the data processing request executes client 
authentication by using not only the MAC address but 
also the identification data such as GUID and key infor- 
mation. High level security management can therefore 
be realized. 



Claims 

1. An information processing apparatus for executing 
a process of generating an access control list, char- 
acterized by comprising: 

a reception unit for receiving a packet from a 
client that serves as an access requesting ap- 
paratus; 

a storage unit storing a MAC list in which infor- 
mation of a MAC list for one client is set as reg- 
istration data for one slot; 
a registration permission judgment unit for con- 
firming whether or not there is an empty slot in 
the MAC list and judging as that a registration 
is permitted only if there is the empty slot, in a 
client registration process based on a received 
packet at the reception unit; and 
a registration processing unit for acquiring data 
containing a client MAC address from the re- 
ceived packet and executing a registration 
process for the MAC list, in accordance with a 
judgment of the registration permission by the 
registration permission judgment unit. 

2. The information processing apparatus according to 
claim 1, characterized in that: 

the registration processing unit is configured to 
acquire a sender MAC address contained in a 
header field of the packet received from the cli- 
ent and adopts the acquired sender MAC ad- 
dress as registration information of the MAC 
list. 

3. The information processing apparatus according to 
claim 1 , characterized by further comprising: 

a packet analysis unit for judging whether the 
packet received from the client is a registration 
processing request packet or a data processing 
request packet; and 



characterized in that: 

if the packet received from the client is the reg- 
istration processing request packet, the regis- 
5 tration permission judgment unit executes a 

registration permission judgment process in ac- 
cordance with a presence/absence detection 
process for the empty slot in the MAC address; 
and 

^0 the registration processing unit executes a reg- 

istration process in accordance with the judg- 
ment of the registration permission by the reg- 
istration permission judgment unit. 

15 4. The information processing apparatus according to 
claim 1 , characterized in that: 

if the packet received from the client is the data 
processing packet, the registration permission 

20 judgment unit executes the registration permis- 

sion judgment process in accordance with the 
presence/absence detection process for the 
empty slot in the MAC address; and 
the registration processing unit executes the 

25 registration process for the MAC list in accord- 

ance with the judgment of the registration per- 
mission by the registration permission judg- 
ment unit, by acquiring the data containing the 
client MAC address from the received data 

30 processing request packet. 

5. The information processing apparatus according to 
claim 1, characterized by further comprising: 

35 a control unit for executing a close process for 

the empty slot under a condition that a lapse 
time from a setting process for the empty slot 
in the MAC list exceeds a predetermined 
threshold time. 

40 

6. The information processing apparatus according to 
claim 1, characterized in that: 

the registration permission judgment unit is 
45 confiugred to execute a process of judging 

whether or not a data processing request se- 
quence from the client correctly and reliably ex- 
ecutes a sequence in conformity with a UPnP 
protocol; and 

50 the registration processing unit is configured to 

execute the registration process for the MAC 
list in accordance with a judgment that the data 
processing request sequence from the client 
correctly and reliably executes the sequence in 

55 conformity with a UPnP protocol, by acquiring 

the data containing the client MAC address 
from the received data processing request 
packet. 
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7. The Information processing apparatus according to 12. The information processing apparatus according to 
claim 1, characterized in that: ctaim 10. characterized in that: 



the registration permission judgment unit judg- 
es whether a content directory service (CDS) 
request process in the sequence in conformity 
with the UPnP protocol is executed or not in re- 
sponse to a data processing request from the 
client; and 

the registration processing unit is configured to 
execute the registration process for the MAC 
list In accordance with a judgment that the con- 
tent directory service (CDS) request process Is 
executed, by acquiring the data containing the 
client MAC address from the received data 
processing request packet. 

8. The information processing apparatus according to 
claim 1, characterized in that: 

the registration processing unit is configured to 
execute the registration process for the MAC 
list by acquiring the MAC address and identifi- 
cation information different from the MAC ad- 
dress stored in the packet received from the cli- 
ent. 

9. The information processing apparatus according to 
claim 8, characterized in that: 

the identification information different from the 
MAC address is identification information of 
global unique ID information or key information 
set to a client apparatus. 

10. An information processing apparatus that serves as 
a client for executing an access request to a server 
connected to a network, characterized by compris- 
ing: 

a control unit for executing a process of gener- 
ating and transmitting an access control list 
registration processing request packet explicit- 
ly indicating a registration request in a MAC list 
possessed by the server, by storing own MAC 
address in header information. 

11. The information processing apparatus according to 
claim 10, characterized In that: 

the control unit Is configured to execute a proc- 
ess of generating a packet storing the identifi- 
cation information of the global unique ID infor- 
mation or the key Information set to the client 
apparatus, in a process of generating the ac- 
cess control list registration processing request 
packet. 



the control unit is configured to transmit the ac- 
5 cess control list registration processing request 

packet by broadcast transmission or multicast 
transmission. 

13. A server client system including a server for receiv- 
10 ing an access request and a client for executing the 
access request, characterized in that: 

the client is configured to execute a transmis- 
sion process by generating an access control 
^5 list registration processing request packet stor- 

ing own MAC address in header information, 
under a condition of a power-on process of an 
information processing apparatus or a specific 
application activation process; and 
20 the server is configured to receive the access 

control registration processing request packet 
from the client, confirm whether or not there is 
an empty slot in a MAC list which sets informa- 
tion including a MAC address of one client as 
25 registration data for one slot, and execute a 

registration process of registering client infor- 
mation based on the packet in the MAC list, only 
if there is the empty slot. 

30 14. The client server system according to claim 13, 
characterized in that: 

the server is configured to execute a process 
of acquiring a sender MAC address contained 
35 in a header filed on a packet received from the 

client and adopt the acquired sender MAC ad- 
dress as registration information for the MAC 
list. 

40 15. An information processing method of executing a 
process of generating an access control list, char- 
acterized by comprising: 

a reception step of receiving a packet from a 
45 client that serves as an access requesting ap- 

paratus; 

a registration permission judgment step of judg- 
ing whether or not there is an empty slot in a 
MAC list in which information of a MAC list for 
50 one client is set as registration data for one slot; 

and 

a registration processing step of acquiring data 
containing a client MAC address from the re- 
ceived packet and executing a registration 
55 process for the MAC list, in accordance with a 

judgment at the registration permission judg- 
ment step that there is the empty slot. 
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16. The information processing method according to 
claim 15, characterized in that: 

the registration processing step execute a proc- 
ess of acquiring a sender MAC address con- 5 
tained in a header field of the packet received 
from the client, and adopting the acquired send- 
er MAC address as registration information of 
the MAC list. 

10 

17. The information processing method according to 
claim 15, characterized by further comprising: 

a packet analysis step of judging whether the 
packet received from the client is a registration ^5 
processing request packet or a data processing 
request packet; and 

characterized in that: 

20 

if it is judged at the packet analysis step that 
the packet received from the client is the regis- 
tration processing request packet, the registra- 
tion permission judgment step executes a reg- 
istration permission Judgment process in ac- 25 
cordance with a presence/absence detection 
process for the empty slot In the MAC address. 

18. The information processing method according to 
claim 15, characterized in that: 30 

If the packet received from the client is the data 
processing packet, the registration permission 
judgment step executes the registration per- 
mission judgment process in accordance with 35 
the presence/absence detection process for 
the empty slot in the MAC address; and 
the registration processing unit step executes 
the registration process for the MAC list in ac- 
cordance with the judgment of the registration 40 
permission by the registration permission judg- 
ment unit, by acquiring the data containing the 
client MAC address from the received data 
processing request packet. 

45 

19. The information processing method according to 
claim 15, characterized by further comprising: 

a control step of executing a close process for 
the empty slot under a condition that a lapse so 
time from a setting process for the empty slot 
in the MAC list exceeds a predetermined 
threshold time. 

20. The information processing method according to ss 
claim 15, characterized in that: 

the registration permission judgment step in- 
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^ -pr- 
eludes a step of judging whether or not a data 
processing request sequence from the client 
correctly and reliably executes a sequence in 
conformity with a UPnP protocol: and 
the registration processing step executes the 
registration process for the MAC list by acquir- 
ing the data containing the client MAC address 
from the packet received from the clientin in ac- 
cordance with a judgment that the data 
processing request sequence from the client 
correctly and reliably executes the sequence in 
conformity with a UPnP protocol.. 

21. The information processing method according to 
claim 15, characterized in that: 

the registration permission judgment step in- 
cludes a step of judging whether a content di- 
rectory service (CDS) request process in the 
sequence in conformity with the UPnP protocol 
is executed or not in response to a data 
processing request from the client; and 
the registration processing step executies the 
registration process for the MAC list in accord- 
ance with a judgment that the content directory 
service (CDS) request process is executed, by 
acquiring the data containing the client MAC 
address from the packet received from the cli- 
ent. 

22. The information processing method according to 
claim 15, characterized in that: 

the registration processing step executes the 
registration process for the MAC list by acquir- 
ing the MAC address and identification informa- 
tion different from the MAC address stored in 
the packet received from the client. 

23. The information processing method according to 
claim 22, characterized in that: 

the identification information different from the 
MAC address is identification information of 
global unique ID information or key information 
set to a client apparatus. 

24. An information processing method for an informa- 
tion processing apparatus that serves as a client for 
executing an access request to a server connected 
to a network, characterized by comprising: 

a trigger detection step of detecting as trigger 
information a power-on process of the informa- 
tion processing apparatus or a specific applica- 
tion activation process; and 
a packet generation and transmission process 
step of generating and transmitting an access 
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control list registration processing request 
packet explicitly indicating a registration re- 
quest in a MAC list possessed by the server, 
under a condition that the trigger information is 
detected, by storing own MAC address in head- 5 
er information. 



packet explicitly indicating a registration re- 
quest in a MAC list possessed by the server, 
under a condition that the trigger information is 
detected, by storing own MAC address in head- 
er information. 



Amended claims under Art. 19.1 POT 

10 1. (Amended) 

An information processing apparatus for con- 
necting to a network to which a plurlaity of devices 
are connected, and executing a process of gener- 
ating an access control list, characterized by com- 

15 prising: 

a reception unit for receiving a packet from a 
client that serves as an access requesting ap- 
paratus through the network; 

20 a storage unit storing a MAC list in which infor- 

mation of a MAC list for one client is set as reg- 
istration data for one slot; 
a registration permission judgment unit for con- 
firming whether or not there is an empty slot in 

25 the MAC list and judging as that a registration 

is permitted only if there is the empty slot, in a 
client registration process based on a received 
packet at the reception unit; and 
a registration processing unit for acquiring data 

30 containing a client MAC address from the re- 

ceived packet and executing a registration 
process for the MAC list, in accordance with a 
judgment of the registration permission by the 
registration permission judgment unit. 

35 

2. (No Amendment) 

The information processing apparatus ac- 
cording to claim 1 , characterized in that: 

^0 the registration processing unit is configured to 

acquire a sender MAC address contained in a 
header field of the packet received from the cli- 
ent and adopts the acquired sender MAC ad- 
dress as registration information of the MAC 

45 list. 



25. The information processing method according to 
claim 24, characterized in that: 

the packet generation and transmission proc- 
ess step executes a process of generating a 
packet storing the identification information of 
the global unique ID information or the key in- 
formation set to the client apparatus, in a proc- 
ess of generating the access control list regis- 
tration processing request packet. 

26. The information processing method according to 
claim 24, characterized in that: 

the packet generation and transmission proc- 
ess step transmites the access control list reg- 
istration processing request packet by broad- 
cast transmission or multicast transmission. 

27. A computer program for executing a process of gen- 
erating an access control list, characterized by 
comprising: 

a reception step of receiving a packet from a 
client that serves as an access requesting ap- 
paratus; 

a registration permission judgment step of judg- 
ing whether or not there is an empty slot in a 
MAC list in which information of a MAC list for 
one client is set as registration data for one slot; 
and 

a registration processing step of acquiring data 
containing a client MAC address from the re- 
ceived packet and executing a registration 
process for the MAC list, in accordance with a 
judgment at the registration permission judg- 
ment step that there is the empty slot. 

28. A computer program for executing an information 
processing method for an information processing 
apparatus that serves as a client for executing an 
access request to a server connected to a network, 
characterized by comprising: 



3. (No Amendment) 

The information processing apparatus ac- 
cording to claim 1, characterized by further com- 
50 prising: 



a trigger detection step of detecting as trigger 
information a power-on process of the informa- 
tion processing apparatus or a specific applica- 
tion activation process; and 55 
a packet generation and transmission process 
step of generating and transmitting an access 
control list registration processing request 



a packet analysis unit for judging whether the 
packet received from the client is a registration 
processing request packet or a data processing 
request packet; and 

characterized in that: 
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if the packet received from the client is the reg- 
istration processing request packet, the regis- 
tration permission judgment unit executes a 
registration permission judgment process in ac- 
cordance with a presence/absence detection 5 
process for the empty slot in the MAC address; 
and 

the registration processing unit executes a reg- 
istration process in accordance with the judg- 
ment of the registration permission by the reg- 
istration permission judgment unit. 

4. (No Amendment) 

The Information processing apparatus ac- 
cording to claim 1« characterized in that: 15 

if the packet received from the client is the data 
processing packet, the registration permission 
Judgment unit executes the registration permis- 
sion judgment process in accordance with the 20 
presence/absence detection process for the 
empty slot In the MAC address; and 
the registration processing unit executes the 
registration process for the MAC list in accord- 
ance with the judgment of the registration per- 25 
mission by the registration permission judg- 
ment unit, by acquiring the data containing the 
client MAC address from the received data 
processing request packet. 

30 

5. (No Amendment) 

The Information processing apparatus ac- 
cording to claim 1, characterized by further com- 
prising: 

35 

a control unit for executing a close process for 
the empty slot under a condition that a lapse 
time from a setting process for the empty slot 
In the MAC list exceeds a predetermined 
threshold time. 40 



from the received data processing request 
packet. 

7. (No Amendment) 

The information processing apparatus ac- 
cording to claim 1. characterized in that: 

the registration permission judgment unit judg- 
es whether a content directory service (CDS) 
request process in the sequence in conformity 
with the UPnP protocol is executed or not in re- 
sponse to a data processing request from the 
client; and 

the registration processing unit Is configured to 
execute the registration process for the MAC 
list in accordance with a judgment that the con- 
tent directory service (CDS) request process is 
executed, by acquiring the data containing the 
client MAC address from the received data 
processing request packet. 

8. (No Amendment) 

The Information processing apparatus ac- 
cording to claim 1, characterized in that: 

the registration processing unit is configured to 
execute the registration process for the MAC 
list by acquiring the MAC address and identifi- 
cation information different from the MAC ad- 
dress stored in the packet received from the cli- 
ent. 

9. (No Amendment) 

The information processing apparatus ac- 
cording to claim 8, characterized in that: 

the identification information different from the 
MAC address is identification information of 
global unique ID information or key Information 
set to a client apparatus. 



6. (No Amendment) 

The information processing apparatus ac- 
cording to claim 1, characterized in that: 

45 

the registration permission judgment unit is 
confiugred to execute a process of judging 
whether or not a data processing request se- 
quence from the client correctly and reliably ex- 
ecutes a sequence in conformity with a UPnP 50 
protocol; and 

the registration processing unit is configured to 
execute the registration process for the MAC 
list in accordance with a judgment that the data 
processing request sequence from the client 55 
correctly and reliably executes the sequence in 
conformity with a UPnP protocol, by acquiring 
the data containing the client MAC address 



10. (Amended) 

An information processing apparatus that 
serves as a client for executing an access request 
to a server connected to a network, characterized 
by comprising: 

a process activation detection unit for detecting 
of an activation of a communication process in 

the network; 

a control unit for executing a process of gener- 
ating and transmitting an access control list 
registration processing request packet explicit- 
ly indicating a registration request in a MAC list 
possessed by the server, by storing own MAC 
address In header information with using de- 
tected information, which is detected by the 
process activation detection unit, as a trigger. 
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11. (No Amendment) 

The information processing apparatus ac- 
cording to claim 10. characterized in that: 

the control unit is configured to execute a proc- 5 
ess of generating a packet storing the identiH- 
cation information of the global unique ID infor- 
mation or the key information set to the client 
apparatus, in a process of generating the ac- 
cess control list registration processing request fo 
packet. 

12. (No Amendment) 

The information processing apparatus ac- 
cording to claim 10, characterized in that: is 

the control unit is configured to transmit the ac- 
cess control list registration processing request 
packet by broadcast transmission or multicast 
transmission. 20 

13. (Amended) 

A server client system including a server for 
connecting to a network to which a plaurlity of de- 
vices are connected and receiving an access re- 25 
quest, and a client for executing the access request, 
characterized in that: 

the client is configured to detect an activation 
of a communication process in the network 30 
based on a power-on process or an activation 
of a specific application, and generating and 
transmitting an access control list registration 
processing request packet storing own MAC 
address in header Information by using the de- 35 
tected information as a trigger; and 
the server is configured to receive the access 
control registration processing request packet 
from the client through the network, confirm 
whether or not there is an empty slot in a MAC ^0 
list which sets information including a MAC ad- 
dress of one client as registration data for one 
slot, and execute a registration process of reg- 
istering client information based on the packet 
In the MAC list, only if there is the empty slot. 45 

14. (No Amendment) 

The client server system according to claim 
13, characterized in that: 

50 

the server is configured to execute a process 
of acquiring a sender MAC address contained 
in a header filed on a packet received from the 
client and adopt the acquired sender MAC ad- 
dress as registration information for the MAC 55 
list. 

15. (Amended) 



An Information processing method of execut- 
ing a process of generating an access control list, 
characterized by comprising: 

a reception step of connecting to a network to 
which a' plurality of devices are connected, and 
receiving a packet from a client that serves as 
an access requesting apparatus; 
a registration permission judgment step of judg- 
ing whether or not there is an empty slot in a 
MAC list in which information of a MAC list for 
one client is set as registration data for one slot; 
and 

a registration processing step of acquiring data 
containing a client MAC address from the re- 
ceived packet and executing a registration 
process for the MAC list, in accordance with a 
judgment at the registration permission judg- 
ment step that there is the empty slot. 

16. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized in that: 

the registration processing step execute a proc- 
ess of acquiring a sender MAC address con- 
tained In a header field of the packet received 
from the client, and adopting the acquired send- 
er MAC address as registration information. of 
the MAC list. 

17. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized by further compris- 
ing: 

a packet analysis step of judging whether the 
packet received from the client is a registration 
processing request packet or a data processing 
request packet; and 

characterized in that: 

if it is judged at the packet analysis step that 
the packet received from the client is the regis- 
tration processing request packet, the registra- 
tion permission judgment step executes a reg- 
istration permission judgment process in ac- 
cordance with a presence/absence detection 
process for the empty slot in the MAC address. 

18. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized in that: 

if the packet received from the client is the data 
processing packet, the registration permission 
judgment step executes the registration per- 
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mission judgment process in accordance with 
the presence/absence detection process for 
the empty slot in the MAC address; and 
the registration processing unit step executes 
the registration process for the MAC list in ac- 5 
cordance with the judgment of the registration 
permission by the registration permission judg- 
ment unit, by acquiring the data containing the 
client MAC address from the received data 
processing request packet. io 

19. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized by further compris- 
ing: 15 

a control step of executing a close process for 
the empty slot under a condition that a lapse 
time from a setting process for the empty slot 
in the MAC list exceeds a predetermined 20 
threshold time. 

20. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized in that: 25 

the registration permission judgment step in- 
cludes a step of judging whether or not a data 
processing request sequence from the client 
correctly and reliably executes a sequence in 30 
conformity with a UPnP protocol; and 
the registration processing step executes the 
registration process for the MAC list by acquir- 
ing the data containing the client MAC address 
from the packet received from the cirentin in ac- 35 
cordance with a judgment that the data 
processing request sequence from the client 
correctly and reliably executes the sequence in 
conformity with a UPnP protocol,. 

40 

21 . (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized in that: 

the registration permission judgment step in- 45 
eludes a step of judging whether a content di- 
rectory service (CDS) request process in the 
sequence in conformity with the UPnP protocol 
is executed or not in response to a data 
processing request from the client; and 50 
the registration processing step executies the 
registration process for the MAC list in accord- 
ance with a judgment that the content directory 
service (CDS) request process is executed, by 
acquiring the data containing the client MAC 55 
address from the packet received from the cli- 
ent. 



22. (No Amendment) 

The information processing method accord- 
ing to claim 15, characterized in that: 

the registration processing step executes the 
registration process for the MAC list by acquir- 
ing the MAC address and identification informa- 
tion different from the MAC address stored in 
the packet received from the client. 

23. (No Amendment) 

The information processing method accord- 
ing to claim 22, characterized in that: 

the identification information different from the 
MAC address is identification information of 
global unique ID information or key information 
set to a client apparatus. 

24. (Amended) 

An information processing method for an in- 
formation processing apparatus that serves as a cli- 
ent for executing an access request to a server con- 
nected to a network, characterized by comprising: 

a trigger detection step of detecting an activa- 
tion of a communication process in the network 
based on a power-on process of the information 
processing apparatus or a specific application 
activation process; and 
a packet generation and transmission process 
step of generating and transmitting an access 
control list registration processing request 
packet explicitly indicating a registration re- 
quest in a MAC list possessed by the server, 
under a condition that the trigger information is 
detected, by storing own MAC address in head- 
er information. 

25. (No Amendment) 

The information processing method accord- 
ing to claim 24, characterized in that: 

the packet generation and transmission proc- 
ess step executes a process of generating a 
packet storing the identification information of 
the global unique ID information or the key in- 
formation set to the client apparatus, in a proc- 
ess of generating the access control list regis- 
tration processing request packet. 

26. (No Amendment) 

The information processing method accord- 
ing to claim 24, characterized in that: 

the packet generation and transmission proc- 
ess step transmites the access control list reg- 
istration processing request packet by broad- 
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cast transmission or multicast transmission. 

27. (Amended) 

A computer program for executing a process 
of generating an access control list, characterized 5 
by comprising: 

a reception step of connecting to a network to 
which a plurality of devices are connected, and 
receiving a packet from a client that serves as io 
an access requesting apparatus; 
a registration permission judgment step of judg- 
ing whether or not there is an empty slot in a 
MAC list in which information of a MAC list for 
one client is set as registration data for one slot; i5 
and 

a registration processing step of acquiring data 
containing a client MAC address from the re- 
ceived packet and executing a registration 
process for the MAC list, in accordance with a 20 
judgment at the registration permission judg- 
ment step that there is the empty slot. 

28. (Amended) 

A computer program for executing an infer- 25 
mation processing method for an information 
processing apparatus that serves as a client for ex- 
ecuting an access request to a server connected to 
a network, characterized by comprising: 

30 

a trigger detection step of detecting an activa- 
tion of a communication process in the network 
based on a power-on process of the information 
processing apparatus or a specific application 
activation process; and 35 
a packet generation and transmission process 
step of generating and transmitting an access 
control list registration processing request 
packet explicitly indicating a registration re- 
quest in a MAC list possessed by the server, 40 
under a condition that the trigger information is 
detected, by storing own MAC address in head- 
er information. 
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Statement under Art. 19.1 POT 



execute a registration process for the MAC list 
based on the received packet'*. 
The present amendment is based on descrip- 
tion such as in lines 25-29 page 1 5, etc of the 
specfication. 

In Japanese Patent Application Publication JP 
2002-159053 cited in the International Search 
Report, an information registration process 
configuration for MAC address and etc. by a us- 
er operation in a base station and a terminal is 
disclosed. Japanese Patent Application Publi- 
cation H09-233111 discloses a configuration 
that perform a management by providing a 
MAC address table of a line control unit in a 
periperal control unit of a connmunication 
processing apparatus, and enables to recover 
the MAC address during exhanging of the line 
control unit. The present invention permits an 
automatic registration of a MAC address based 
on a reception of a packet from a client to which 
a server is connected through the network, and 
therefore is different from each of the prior arts 
in enabling an automatic updating of the MAC 
list without requiring a user operation. 

2. With RegartTo Amendment of Claims 10, 24 and 
28: 

This amendment is made to clarify a feature 
such that "an information processing apparatus 
functioning as a client executing an access re- 
quest for a server is configured to detect an ac- 
tivation of a communication process in a net- 
work, and generate and transmit a registration 
requet packet storing a MAC address based on 
the detection information that acts as a trigger". 
The present amendment is based on descrip- 
tion such as in lines 19-26 page 20, etc of the 
specfication. 

3. With Regart To Amendment of Claim 13: 

The amendment of claim 13 is an amendment 
including both amendments in the above-de- 
scribed (1) and (2) 



1. With Regart To Amendment of Claims 1,15 and 
27: 

50 

This amendment is made to clarify a feature 
such that "an information processing apparatus 
for executing a process of generating an MAC 
list that serves as an access control list is con- 
figured to connect to a network to which a plu- 55 
raltty of devices are connected, receive a pack- 
et from a client functioning as an access re- 
questing apparatus through the network, and 
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